Robert Schetterer wrote:
Hi,
some nets have set their PTR records to localhost.
This causes problems for several mail servers.
I see no problems at mine, but
I just want to clarify.

dig -x 123.27.178.4

; <<>> DiG 9.3.5-P1 <<>> -x 123.27.178.4
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46689
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;4.178.27.123.in-addr.arpa.     IN      PTR

;; ANSWER SECTION:
4.178.27.123.in-addr.arpa. 86266 IN     PTR     localhost.

I only get warnings (like always):

Aug  6 15:04:31 mxback postfix/smtpd[30131]: warning: 123.27.178.4:
address not listed for hostname localhost
Aug  6 15:04:31 mxback postfix/smtpd[30131]: connect from
unknown[123.27.178.4]


Is this a hard-coded match (are PTRs pointing to localhost resolved as unknown?),
so that, e.g., reject_unknown_reverse_client_hostname
will always reject it?

After all, this was warned about by the German Heise PC magazine:
http://www.heise.de/newsticker/Namens-Trick-oeffnet-Mailserver--/meldung/143123

reject_unknown_reverse_client_hostname only checks for the existence of a PTR, so it won't reject such clients. Postfix will label a PTR of "localhost" as unknown unless it really comes from localhost. This is the normal IP->PTR->IP validation postfix does on client hostnames.
http://www.postfix.org/postconf.5.html#reject_unknown_client_hostname

A PTR of localhost shouldn't cause any problems for postfix, but you very likely don't want the mail.

You can reject such clients with a check_reverse_client_hostname access table. Make sure this is after permit_mynetworks so you don't reject the "real" localhost.
http://www.postfix.org/postconf.5.html#check_reverse_client_hostname_access
# some table
localhost  REJECT you're not localhost

You can also use check_sender_mx_access to reject spammers that set their MX to "localhost".
http://www.postfix.org/postconf.5.html#check_sender_mx_access

Like most rules, this has the possibility to reject legit mail from misconfigured hosts, but I expect that to be pretty rare. In particular, I've seen some legit idiots that include "localhost" in their MX list.

  -- Noel Jones
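To make the two points in the reply above concrete (the IP->PTR->IP validation that yields "unknown", and why the access table must sit after permit_mynetworks), here is an added example that models that logic in Python. It is not Noel's code and not Postfix code; the DNS records, the mynetworks list and the restriction evaluator are constructed for the illustration, and the order of checks is a simplification of what smtpd does.

```python
"""Model of Postfix's IP->PTR->IP client-name validation and of a
smtpd_client_restrictions list containing permit_mynetworks,
reject_unknown_reverse_client_hostname, reject_unknown_client_hostname
and check_reverse_client_hostname_access.  Hypothetical illustration,
not Postfix code; all DNS data below is constructed."""
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed DNS data (not real zone contents).
PTR_RECORDS: Dict[str, str] = {
    "123.27.178.4": "localhost.",       # the PTR from the dig output above
    "127.0.0.1": "localhost.",          # the real localhost
    "192.0.2.10": "mail.example.net.",  # well-behaved client, FCrDNS passes
    "192.0.2.11": "mail.example.org.",  # PTR exists, but no matching A record
}
A_RECORDS: Dict[str, List[str]] = {
    "localhost.": ["127.0.0.1"],
    "mail.example.net.": ["192.0.2.10"],
}

# Hypothetical mynetworks setting.
MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128")]

# The check_reverse_client_hostname_access table from the reply.
REVERSE_CLIENT_ACCESS: Dict[str, str] = {
    "localhost": "REJECT you're not localhost",
}


def resolve_client(ip: str) -> Tuple[str, str, Optional[str]]:
    """Return (reverse_client_name, client_name, warning).

    reverse_client_name is whatever the PTR says, or "unknown" when there
    is no PTR at all.  client_name is that same name only if the name's
    forward (A) lookup lists the client IP; otherwise it is "unknown" and
    a warning in the style of the log lines above is produced."""
    ptr = PTR_RECORDS.get(ip)
    if ptr is None:
        return "unknown", "unknown", None
    name = ptr.rstrip(".")
    if ip in A_RECORDS.get(ptr, []):
        return name, name, None
    return name, "unknown", f"warning: {ip}: address not listed for hostname {name}"


def access_lookup(name: str, table: Dict[str, str]) -> Optional[str]:
    """Access-table lookup: the full name first, then each parent domain."""
    labels = name.split(".")
    for i in range(len(labels)):
        key = ".".join(labels[i:])
        if key in table:
            return table[key]
    return None


def evaluate(ip: str, restrictions: List[str]) -> str:
    """Walk the restriction list; the first PERMIT/REJECT wins.  DUNNO means
    the list was exhausted without a decision (Postfix then permits)."""
    reverse_name, client_name, _warning = resolve_client(ip)
    addr = ipaddress.ip_address(ip)
    for restriction in restrictions:
        if restriction == "permit_mynetworks":
            if any(addr in net for net in MYNETWORKS):
                return "PERMIT"
        elif restriction == "reject_unknown_reverse_client_hostname":
            if reverse_name == "unknown":          # only "no PTR" triggers this
                return "REJECT no PTR"
        elif restriction == "reject_unknown_client_hostname":
            if client_name == "unknown":           # PTR present but not confirmed
                return "REJECT client hostname not verified"
        elif restriction == "check_reverse_client_hostname_access":
            action = access_lookup(reverse_name, REVERSE_CLIENT_ACCESS)
            if action is not None:
                return action
        else:
            raise ValueError(f"unsupported restriction {restriction}")
    return "DUNNO"


if __name__ == "__main__":
    safe = ["permit_mynetworks", "reject_unknown_reverse_client_hostname",
            "check_reverse_client_hostname_access"]
    for client in ("123.27.178.4", "127.0.0.1", "192.0.2.10", "192.0.2.11", "198.51.100.5"):
        print(client, resolve_client(client), evaluate(client, safe))
```

Running it shows the spammer's IP is "localhost"/"unknown" with the same warning as in the log, that reject_unknown_reverse_client_hostname alone lets it through, that the access table rejects it, and that putting the access table before permit_mynetworks would reject 127.0.0.1 as well.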
